Дисертації з теми "CLOUD OF SECRECY"

La cryptographie a été un facteur clé pour permettre la vente de services et du commerce par Internet. Le cloud computing a amplifié cette révolution et est devenu un service très demandé grâce à ses avantages comme : puissance de calcul importante, services à bas coûts, rendement, évolutivité, accessibilité et disponibilité. Parallèlement à la hausse de nouveaux business, des protocoles pour des calculs sécurisés ont aussi émergé. Le but de cette thèse est de contribuer à la sécurité des protocoles d’Internet existants en fournissant une analyse de la source aléatoire de ces protocoles et en introduisant des protocoles mieux adaptés pour les environnements des cloud computing. Nous proposons de nouvelles constructions en améliorant l'efficacité des solutions actuelles afin de les rendre plus accessibles et pratiques. Nous fournissons une analyse de sécurité détaillée pour chaque schéma avec des hypothèses raisonnables. Nous étudions la sécurité du cloud computing à différents niveaux. D'une part, nous formalisons un cadre pour analyser quelques-uns des générateurs de nombres pseudo-aléatoires populaires à ce jour qui sont utilisés dans presque chaque application cryptographique. D'autre part, nous proposons deux approches efficaces pour des calculs en cloud. Le premier permet à un utilisateur de partager publiquement son secret de haute entropie avec des serveurs différents pour plus tard le récupérer par interaction avec certains de ces serveurs en utilisant seulement son mot de passe et sans données authentifiées. Le second permet à un client d'externaliser à un serveur une base de données en toute sécurité, qui peut être recherchée et modifiée ultérieurement
Cryptography has been a key factor in enabling services and products trading over the Internet. Cloud computing has expanded this revolution and it has become a highly demanded service or utility due to the advantages of high computing power, cheap cost of services, high performance, scalability, accessibility as well as availability. Along with the rise of new businesses, protocols for secure computation have as well emerged. The goal of this thesis is to contribute in the direction of securing existing Internet protocols by providing an analysis of the sources of randomness of these protocols and to introduce better protocols for cloud computing environments. We propose new constructions, improving the efficiency of current solutions in order to make them more accessible and practical. We provide a detailed security analysis for each scheme under reasonable assumptions. We study the security in a cloud computing environment in different levels. On one hand, we formalize a framework to study some popular real-life pseudorandom number generators used in almost every cryptographic application. On the other, we propose two efficient applications for cloud computing. The first allows a user to publicly share its high-entropy secret across different servers and to later recover it by interacting with some of these servers using only his password without requiring any authenticated data. The second, allows a client to securely outsource to a server an encrypted database that can be searched and modified later

Along with the recent developments in technology and the widespread use of the Internet, an urgent need has arisen for consumers to be fully protected and to have access to reliable safety services, especially when the Internet is used for selling or buying products and other money-related transactions. With this in mind we devised development strategies that ensure privacy in buying and selling transactions. This work focuses on one particular type of transaction, the online sealed-bid auction. This work presents a review of the secret sharing scheme and how this type of cryptography can help to increase security in the environment of the online cloud. The review is followed by an illustration of the ways in which the secret sharing scheme can be used by a cloud provider to create a self-organizing environment and an elucidation of how sealed-bid auctions can be conducted while providing security from attackers.

Les systèmes d’information décisionnels dans le cloud Computing sont des solutions de plus en plus répandues. En effet, ces dernières offrent des capacités pour l’aide à la décision via l’élasticité des ressources pay-per-use du Cloud. Toutefois, les questions de sécurité des données demeurent une des principales préoccupations notamment lorsqu'il s’agit de traiter des données sensibles de l’entreprise. Beaucoup de questions de sécurité sont soulevées en terme de stockage, de protection, de disponibilité, d'intégrité, de sauvegarde et de récupération des données ainsi que des transferts des données dans un Cloud public. Les risques de sécurité peuvent provenir non seulement des fournisseurs de services de cloud computing mais aussi d’intrus malveillants. Les entrepôts de données dans les nuages devraient contenir des données sécurisées afin de permettre à la fois le traitement d'analyse en ligne hautement protégé et efficacement rafraîchi. Et ceci à plus faibles coûts de stockage et d'accès avec le modèle de paiement à la demande. Dans cette thèse, nous proposons deux nouvelles approches pour la sécurisation des entrepôts de données dans les nuages basées respectivement sur le partage vérifiable de clé secrète (bpVSS) et le partage vérifiable et flexible de clé secrète (fVSS). L’objectif du partage de clé cryptée et la distribution des données auprès de plusieurs fournisseurs du cloud permet de garantir la confidentialité et la disponibilité des données. bpVSS et fVSS abordent cinq lacunes des approches existantes traitant de partage de clés secrètes. Tout d'abord, ils permettent le traitement de l’analyse en ligne. Deuxièmement, ils garantissent l'intégrité des données à l'aide de deux signatures interne et externe. Troisièmement, ils aident les utilisateurs à minimiser le coût de l’entreposage du cloud en limitant le volume global de données cryptées. Sachant que fVSS fait la répartition des volumes des données cryptées en fonction des tarifs des fournisseurs. Quatrièmement, fVSS améliore la sécurité basée sur le partage de clé secrète en imposant une nouvelle contrainte : aucun groupe de fournisseurs de service ne peut contenir suffisamment de volume de données cryptées pour reconstruire ou casser le secret. Et cinquièmement, fVSS permet l'actualisation de l'entrepôt de données, même si certains fournisseurs de services sont défaillants. Pour évaluer l'efficacité de bpVSS et fVSS, nous étudions théoriquement les facteurs qui influent sur nos approches en matière de sécurité, de complexité et de coût financier dans le modèle de paiement à la demande. Nous validons également expérimentalement la pertinence de nos approches avec le Benchmark schéma en étoile afin de démontrer son efficacité par rapport aux méthodes existantes
Cloud business intelligence is an increasingly popular solution to deliver decision support capabilities via elastic, pay-per-use resources. However, data security issues are one of the top concerns when dealing with sensitive data. Many security issues are raised by data storage in a public cloud, including data privacy, data availability, data integrity, data backup and recovery, and data transfer safety. Moreover, security risks may come from both cloud service providers and intruders, while cloud data warehouses should be both highly protected and effectively refreshed and analyzed through on-line analysis processing. Hence, users seek secure data warehouses at the lowest possible storage and access costs within the pay-as-you-go paradigm.In this thesis, we propose two novel approaches for securing cloud data warehouses by base-p verifiable secret sharing (bpVSS) and flexible verifiable secret sharing (fVSS), respectively. Secret sharing encrypts and distributes data over several cloud service providers, thus enforcing data privacy and availability. bpVSS and fVSS address five shortcomings in existing secret sharing-based approaches. First, they allow on-line analysis processing. Second, they enforce data integrity with the help of both inner and outer signatures. Third, they help users minimize the cost of cloud warehousing by limiting global share volume. Moreover, fVSS balances the load among service providers with respect to their pricing policies. Fourth, fVSS improves secret sharing security by imposing a new constraint: no cloud service provide group can hold enough shares to reconstruct or break the secret. Five, fVSS allows refreshing the data warehouse even when some service providers fail. To evaluate bpVSS' and fVSS' efficiency, we theoretically study the factors that impact our approaches with respect to security, complexity and monetary cost in the pay-as-you-go paradigm. Moreover, we also validate the relevance of our approaches experimentally with the Star Schema Benchmark and demonstrate its superiority to related, existing methods

Data Protection legislation has evolved around the globe to maximize legal protection of trade secrets. However, in an online cross-jurisdiction environment of cloud computing and blockchains, it is becoming increasingly difficult to maximize retribution for trade secret misappropriation. This multidisciplinary Ph.D. research proposes a model for legal protection for trade secrets in the cloud and over blockchains. Two QoS based datasets were used for evaluation of proposed model. The prior dataset i.e., feedback from customers, was compiled using leading review websites such as Cloud Hosting Reviews, Best Cloud Computing Providers, and Cloud Storage Reviews and Ratings. The later dataset i.e., feedback from servers, was generated from Cloud brokerage architecture that was emulated using high performance computing (HPC) cluster at University of Luxembourg (HPC @ Uni.lu). The simulation runs in the stable environment i.e. when uncertainty is low, show better results of proposed model as compared to its counterparts in the field. In particular, the results have implications for enterprises that view trade secrets misappropriation as a limiting factor for acquisition of Cloud services. For legal validation of the results, questionnaires were sent to law and ICT experts. There were total of six respondents (two from the field of ICT, two from the field of law, and two from the field of ICT and Law). The sample (5 out of 6 respondents) agreed with the findings of this PhD research.

Storing personal information in a secure and reliable manner may be crucial for organizational as well as private users. Encryption protects the confidentiality of data against adversaries but if the cryptographic key is lost, the information will not be obtainable for authorized individuals either. Redundancy may protect information against availability issues or data loss, but also comes with greater storage overhead and cost. Cloud storage serves as an attractive alternative to traditional storage as one is released from maintenance responsibilities and does not have to invest in in-house IT-resources. However, cloud adoption is commonly hindered due to privacy concerns. Instead of relying on the security of a single cloud, this study aims to investigate the applicability of a multi-cloud solution based on Secret Sharing, and to identify suitable options and guidelines in a configuration user interface (UI). Interviews were conducted with technically skilled people representing prospective users, followed by walkthroughs of a UI prototype. Although the solution would (theoretically) allow for employment of less “trustworthy” clouds without compromising the data confidentiality, the research results indicate that trust factors such as compliance with EU laws may still be a crucial prerequisite in order for users to utilize cloud services. Users may worry about cloud storage providers colluding, and the solution may not be perceived as adequately secure without the use of encryption. The configuration of the Secret Sharing parameters are difficult to comprehend even for technically skilled individuals and default values could/should be recommended to the user.
PRISMACLOUD

This work modifies Shamir’s algorithm by sharing a random key that is used to lock up the secret data; as against sharing the data itself. This is significant in cloud computing, especially with homomorphic encryption. Using web design, the resultant scheme practically globalises secret sharing with authentications and inherent secondary applications. The work aims at improving cybersecurity via a joint exploitation of human factors and technology; a human-centred cybersecurity design as opposed to technology-centred. The completed functional scheme is tagged CDRSAS. The literature on secret sharing schemes is reviewed together with the concepts of human factors, trust, cyberspace/cryptology and an analysis on a 3-factor security assessment process. This is followed by the relevance of passwords within the context of human factors. The main research design/implementation and system performance are analysed, together with a proposal for a new antidote against 419 fraudsters. Two twin equations were invented in the investigation process; a pair each for secret sharing and a risk-centred security assessment technique. The building blocks/software used for the CDRSAS include Shamir’s algorithm, MD5, HTML5, PHP, Java, Servlets, JSP, Javascript, MySQL, JQuery, CSS, MATLAB, MS Excel, MS Visio, and Photoshop. The codes are developed in Eclipse IDE, and the Java-based system runs on Tomcat and Apache, using XAMPP Server. Its code units have passed JUnit tests. The system compares favourably with SSSS. Defeating socio-cryptanalysis in cyberspace requires strategies that are centred on human trust, trust-related human attributes, and technology. The PhD research is completed but there is scope for future work.

Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using SSS to protect privacy in distributed signal processing. There are three main contributions to this dissertation. First, the proposed computing framework is shown to be significantly more efficient than GC. Second, a novel game-theoretical framework is proposed to analyze different types of collusion attacks. Third, using the proposed game-theoretical framework, specific mechanism designs are developed to deter collusion attacks in a fully distributed manner. Specifically, for a collusion attack with known detectors, I analyze it as games between secret owners and show that the attack can be effectively deterred by an explicit retaliation mechanism. For a general attack without detectors, I expand the scope of the game to include the computing agents and provide deterrence through deceptive collusion requests. The correctness and privacy of the protocols are proved under a covert adversarial model. Our experimental results demonstrate the efficiency of SSS-based protocols and the validity of our mechanism design.

碩士
世新大學
智慧財產權研究所(含碩專班)
104
“The owners have taken reasonable measures to maintain confidentiality” means trade secrets owners objectively take certain behaviors, and let others know that they have intents to protect these information as secrets. There are no legal regulations to decide that whether the measures taken by trade secrets owners are achieved “reasonable” degree or not. It is usually judged by kinds and nature of cases. Although experts and scholars propose specific measures to define that what reasonable measures taken for maintain confidentiality are, they lack of complete thinking and structure. Take possible four stages of business secrets losses summarized by the “Institute for Information Industry”: 1. internal operation; 2. external negotiation; 3. external negotiation afterwards; 4. during dispute process for example, we can learn it form them that what completely reasonable maintain confidentiality are. In addition to traditionally protecting facilities and signing “confidentiality agreements” for protecting business trade secrets, some preventive and remedial reasonable measures include to sign “non-compete agreements” and claim for “confidentiality protective orders,” and so on. At present, enterprises often use cloud computing to storage business secrets, so this thesis attempts to study legal risks of trade secrets losses resulting from insufficient protections of cloud service providers. This study also makes suggestions for research results for enterprises to establish completely reasonable maintain secrets measures and give references to the relevant government agencies. Keyword︰ trade secret, reasonable maintain secrets measures,confidentiality agreements,non-compete agreements,confidentiality protective orders,cloud computing

碩士
國立東華大學
資訊工程學系
106
In 1979, Shamir published a landmark paper that a (k, n)-Secret Sharing (SS) hiding a secret data in the constant term of a (k-1)-degree polynomial. Accordingly, by using Shamir’s (k, n)-SS, Thien and Lin extended SS to share digital images. This secret image sharing (SIS) scheme is an important research area combining methods and techniques coming from cryptography and image processing. In (k, n)-SIS scheme a secret image is subdivided into n shadow images (referred to as shadows). By using any k or more than k shadows, the secret image can be recovered. However, any (k-1) or fewer than (k-1) shares cannot obtain any secret information. Up to date, there are many SIS schemes with specific features, e.g., providing authentication, progressive reconstruction, meaningful shadows, sharing multiple secrets. In addition, the SIS schemes with specific thresholds, (t, s, k, n)-SIS scheme and (t, k, n)-SIS scheme, were also studied. Due to the fast growth of cloud network, users may outsource their data to cloud servers. However, the major concern is that the security and privacy should be assured from outsiders, other clients, or even the unauthorized cloud employees. In this thesis, we study the public reconstruction of (k, n)-SIS scheme over distributed cloud network (DCN). In fact, all previous (k, n)-SIS schemes do not deal with public reconstruction of SIS scheme over DCN. Obviously, to enable secure reconstruction over DCN, we need secure communication among all involved participants holding shadows. A naive implementation of secure communication is using an extra key management protocol to deliver a common key to all participants. In this thesis, we use multi-variate symmetric polynomial to obtain public reconstruction of SIS scheme over DCN (SISDCN), which still has the threshold property (recover the secret image from any k shadows) and meanwhile provides secure reconstruction over DCN. Our SISDCN may noninteractively share a common key that establish secure communication among any k participants.

碩士
國立中山大學
資訊工程學系研究所
104
In recent years, at an era of information explosion, cloud storage system is wide-spread used in our daily life. However, cloud storage system include many information security issues. The technical of secret sharing is applied to solve these problem include data privacy, data integrity and computational cost. Nevertheless, applying Shamir’s secret sharing scheme to cloud storage system, there are two fetal problems. When we upload the file to the cloud storage system, the size of each share equals to the file such that it waste amount of storage to save these shares; furthermore, a heavy computational cost is required to make shares which is going to be saved in the cloud servers. Therefore, we then proposed a secret-sharing-based method by generating pseudo-random number to replace the real shares such that it reduces the storage cost; in addition, we use just EXCLUSIVE-OR (XOR) operation to reduce the computational cost when computing the shares for each cloud servers.

碩士
國立中山大學
資訊工程學系研究所
105
An efficient and fault-tolerant cloud storage scheme for file owners is presented in this paper. A large file is first divided into secrets, and each secret is then divided into shares by using a (k, l, L, n)-threshold secret sharing scheme. These shares are finally uploaded into n-l cloud storage servers. To retrieve the file, any k shares of each secret are first retrieved from some of the servers. The value of each secret can then be computed from these k shares, and the original files can then be assembled from these secrets. The scheme achieves the following security for the file owners: (1) Secrecy: at least k shares are obtained, the contents of the file cannot be reconstructed, including the cloud storage owner. (2) Fault-tolerant: Only need k shares to reconstruct the file. (3) Can be used to delete a file permanently: by letting k=n and store one share by the file owner. If the share stored by the file owner is deleted, the file can no longer be reconstructed any more. The proposed scheme adopted the Satoshi et al.''s secret sharing scheme and J. Kurihara et al''s ramp secret sharing scheme to reduce the total storage required. It uses J. Kurihara et al''s ramp secret sharing scheme, in which only XOR operations are needed to reduce the computational cost. The improvement is significant when n is small and the secret size is large, the efficiency of the scheme. Therefore, the proposed protocol is practical in cloud storage.

碩士
國立東華大學
資訊工程學系
101
Cloud computing is an Internet-based computing, and it is one of the foundations of the next generation of computing. In cloud computing, the service is fully served by the provider and the client needs nothing but a personal device and Internet access. Computing services, such as data, storage, software, computing, and application, are delivered to local devices through Internet. The major security issue of cloud computing is that the cloud provider must ensure that their infrastructure is secure, and that prevent illegal data accesses from outsiders, other clients, or even the unauthorized cloud employees. In this thesis, we design a cloud security method to prevent unauthorized user access the information in the cloud that including key agreement and authentication. By using Elliptic Curve Diffie-Hellman (ECDH) and symmetric bivariate polynomial based on secret sharing, so we propose the secure cloud computing (SCC). Two types of SCC are proposed. One requires a trusted third party (TTP), and the other does not need a TTP. Also, our SCC can be extended to multi-server SCC (MSCC) to fit an environment, where each multi-server system contains multiple servers to collaborate for serving applications. Due to the strong security and operation efficiency, the proposed SCC and MSCC are extremely suitable for use in cloud computing.

No
The Versatile and Ubiquitous Secret Sharing System, a cloud data repository secure access and a web based authentication scheme. It is designed to implement the sharing, distribution and reconstruction of sensitive secret data that could compromise the functioning of an organisation, if leaked to unauthorised persons. This is carried out in a secure web environment, globally. It is a threshold secret sharing scheme, designed to extend the human trust security perimeter. The system could be adapted to serve as a cloud data repository and secure data communication scheme. A secret sharing scheme is a method by which a dealer distributes shares of a secret data to trustees, such that only authorised subsets of the trustees can reconstruct the secret. This paper gives a brief summary of the layout and functions of a 15-page secure server-based website prototype; the main focus of a PhD research effort titled ‘Cryptography and Computer Communications Security: Extending the Human Security Perimeter through a Web of Trust’. The prototype, which has been successfully tested, has globalised the distribution and reconstruction processes.
Petroleum Technology Development Fund

碩士
中國文化大學
資訊安全產業研發碩士專班
100
In recent years, cloud computing is not only a technical issue but also a popular commercial issue. It supplies services as well as resources through the Internet. Though cloud computing brings a lot of convenience, some people have doubt about its security. This study focuses on data and accounts protection on the cloud. We proposed security mechanisms to improve confidentiality, integrity, authentication, access control and audit in the cloud. The proposed security mechanisms are divided into two parts. The first part is for security of data storage, which combines the concept of RAID 5 with secret sharing. The second part is for account protection, which stores two time dimensions to make use of bitemporal databases. Before being uploaded, data are split using of the first part mechanisms. Even if someone steals some data, he couldn’t read and use them. The first part mechanisms will achieve confidentiality and integrity. When consumers perform some actions on cloud bitemporal databases, corresponding transaction times will be recorded and checked with their valid times. Thus we can audit consumers’ transactions. Herewith the second part mechanisms will achieve authentication, access control and auditing. Therefore, the security mechanisms can secure data and protect accounts.

碩士
國立成功大學
資訊工程學系碩博士班
101
In the era of information explosion, people usually share various kinds of information through networks. As more information is going to be shared and stored, the maintenance costs of data also increase. Since cloud storage systems have large storage space, high transmission bandwidth, and the supports of data maintenance, the management costs of clients can further be reduced, and therefore more companies would like to outsource their data into cloud storage systems. However, because of the lacks of physical controls of data, the data security and the data availability are always concerned. Hence, this thesis mainly focuses on proposing a method to leverage between the data security, the data availability, the access performance, and the client cost. Nevertheless, clients often cannot be served with what they actually want because the Service Level Agreement (SLA) provided by existing cloud storage systems is not customized. Therefore, this thesis first defines the corresponding SLA elements according to the four major concerns of clients. Based on the customized SLA negotiated with clients, their actual requirements can be discovered and exploited to adjust the system parameters for completing services. Among existing cloud storage systems with the data security support, Short-Secret-Sharing (SSS) cloud storage system has the characteristics including the smallest storage consumption, the highest performance and key management supports. By adjusting the parameters (n, k) of SSS, the cloud storage system can provide different levels of protection in the data security and the data availability whereas obtaining different access performance and client costs. This thesis would like to propose a method to obtain the optimal result by adjusting the parameters (n, k) based on the customized SLA of clients. Finally, by analyzing several scenarios, the customized SLAs negotiated with different clients are obtained. Moreover, optimal results are presented when clients are served by different cloud storage systems.

Cloud computing is a globalised concept and there are no borders within the cloud. Computers used to process and store user data can be located anywhere on the globe, depending on where the capacities that are required are available in the global computer networks used for cloud computing. Because of the attaractive features of cloud computing many organizations are using cloud storage for storing their critical information. The data can be stored remotely in the cloud by the users and can be accessed using thin clients as and when required.One of the major issue in cloud today is data security in cloud computing.Storage of data in the cloud can be risky because of use of Internet by cloud based services which means less control over the stored data. One of the major concern in cloud is how do we grab all the benefits of the cloud while maintaining security controls over the organizations assets. Our aim is to propose a more reliable, decentralized light weight key management technique for cloud systems which provides more effecient data security and key management in cloud systems. Our proposed technique provides better security against byzantine failure, server colluding and data modification attacks.

Cloud Computing and Cloud Storage in particular are rapidly transforming the nature of how business use information technology based on a software-as-a-service model. The main aspect of this paradigm changing is the fact that data is leaving organizations data centers and is being outsourced to cloud providers infra- structures. For Cloud Storage in concrete, there are many appealing advantages on using this new approach such as the opportunity to use a completely flexible web-scale storage service, available from any point in the world with an Internet connection. However, from a security perspective, this advance also poses new and critical security threats. Issues like data loss or leakage, availability, confidentiality, integrity and malicious insiders are amongst the most referenced concerns when deciding to move data to the cloud. The DepSky system already addresses some of these concerns. Therefore the aim of this work is divided in two main phases. First the DepSky system was object of improvement, by adding a new mechanism called Erasure Codes in the form of a library, and only after an analysis of some of the available Erasure Codes libraries in the Internet. Secondly, the availability of 4 (four) commercial cloud storage providers was studied using the logger application of DepSky. To achieve a realistic scenario, several loggers were deployed dispersed around the world in different geographical regions. Afterwards, a careful analysis of the resultant logs was made in order to assess and correlate several aspects such as latency (perceived availability), cost and differences in geographical regions. Therefore, this analysis and its results are the major contribution of this work

碩士
國立臺灣科技大學
電子工程系
103
Nowadays people can easily use any smart device at hand to capture scenery and then upload it to the cloud storage. Cloud storages are widely used for storing the generated multimedia content. However, the risk of potential private data leakage may exist since cloud storages are normally in a public domain. To enhance the security and privacy of images on the cloud storage, we proposed an integrated scheme evolving invisible digital watermarking and masking which are based on the histogram shifting method. The histogram modification based scheme can achieve reversible data hiding, to ensure the integrity and the confidentiality of the image data. Additionally, we use the secret sharing scheme to keep the secret keys to further improve the security of data access. The evaluation results show that the proposed system can effectively prevent the malicious user from accessing the private images.

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011
Cloud Computing (computação na nuvem) e Cloud Storage (armazenamento na nuvem) em particular, estão a transformar rapidamente a natureza de como o mundo empresarial e o negócio usa as tecnologias de informação, baseado num modelo de software-como-um-serviço. O principal aspecto desta mudança de paradigma é o facto dos dados estarem a deixar os datacenters (centros de dados) das organizações e serem alvos de outsourcing para fornecedores de infra-estruturas de nuvem. No caso do Cloud Storage em concreto, existem diversas vantagens no uso deste novo modelo, tais como a oportunidade de utilizar um serviço de armazenamento completamente flexível e escalável na Internet, e disponível a partir de qualquer ponto do mundo, com uma ligação à mesma. Contudo, do ponto de vista de um perspectiva de segurança, este avanço representa também novas e graves ameaças à segurança. Questões como a perda de dados, disponibilidade, confidencialidade, integridade e insiders maliciosos estão entre as maiores preocupações dos que decidem mover dados para a nuvem. O sistema DepSky já endereça algumas destas preocupações. Desta forma, os objectivos deste trabalho estão divididos em duas fases principais. Primeiro, o sistema DepSky foi objecto de aperfeiçoamento, tendo sido alvo da adição de um novo mecanismo de nome Erasure Codes, sob a forma de uma biblioteca, e somente após uma análise de algumas bibliotecas de Erasure Codes disponíveis na Internet. Em segundo lugar, a disponibilidade de 4 (quatro) fornecedores comerciais de armazenamento na nuvem foi estudada usando a aplicação logger do DepSky. Para alcançar um cenário realista, estas aplicações foram configuradas e iniciadas em vários pontos do mundo, dispersos por diversas zonas geográficas. De seguida, foi realizada uma cuidadosa análise aos registo resultantes, com o objectivo de avaliar e correlacionar vários aspectos do armazenamento na nuvem, tais como a latência ( disponibilidade aparente), o custo e as diferenças nos atrasos consoante várias regiões geográficas. Esta análise e os seus resultados são a maior contribuição deste trabalho.
Cloud Computing and Cloud Storage in particular are rapidly transforming the nature of how business use information technology based on a siftware-as-a-service model. The main aspect of this paradigm changing is the fact that data is leaving organizations data centers and is being outsourced to cloud providers infra-structures. For Cloud Sorage in concrete, there are many appealing advantages on using this new approach such as the opportunity to use a completely flexible web-scale storage service, available from any point in the world with an Internet connection. However, from a security perspective, this advance also poses new and critical security threats. Issues like data loss or leakage, availability, confidentiality, integrity and malicious insiders are amongst the most referenced concerns when deciding to move data to the cloud. The DepSky system already addresses some of these concerns. Therefore the aim of this work is divides in two main phases. First the DepSky system was object of improvement, by adding a new mechanism called Erasure Codes in the form of a library, and only after an analysis of some of the available Erasure Codes libraries in the Internet. Secondly, the availability of 4 (four) commercial cloud storage providers was studied using the logger application of DepSky. To achieve a realistic scenario, several loggers were deployed dispersed around the world in different geographical regions. Afterwards, a careful analysis of the resultant logs was made in order to assess and correlate several aspects such as latency (perceived availability), cost and differences in geographical regions. Therefore, this analysis and its results are the major contribution of this work.